[whatwg] The problem of duplicate ID as a security issue
Mihai Sucan
mihai.sucan at gmail.com
Tue Mar 14 12:42:27 PST 2006
On Tue, 14 Mar 2006 14:07:01 +0200, Alexey Feldgendler
<alexey at feldgendler.ru> wrote:
> On Tue, 14 Mar 2006 15:13:21 +0600, Ric Hardacre <ric at hardacre.org>
> wrote:
>
<...>
>
>> perhaps:
>>
>> <body>
>> <div id="id">
>> DIV1
>> </div>
>> <sandbox id="mysandbox" >
>> <div id="id">
>> DIV2
>> </div>
>> </sandbox>
>> </body>
>>
>> from outside the sandbox:
>>
>> e = document.getElementById( "id" );
>> //e = DIV1
>>
>> eMSB = document.getElementById( "mysandbox" )
>> e = eMSB.getElementById( "id" );
>> //e = DIV2
>>
>> from within the sandbox:
>>
>> var e = document.getElementById( "id" );
>> //e = DIV2
>
> That's exactly what I meant.
I've made a short "investigation" regarding how browsers behave with
document.getElementById('a-duplicate-ID').

The page:
http://www.robodesign.ro/_gunoaie/duplicate-ids.html

Take a close look at the source (I've provided comments) to understand
what the "Click me" tests and what it shows. You'll see the major browsers
I've tested behave the same: like with a queue, the last node that sets
the duplicate ID is also the node that's returned when you use
the getElementById function.
--
http://www.robodesign.ro
ROBO Design - We bring you the future
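
The scoping proposed in the quoted message, sketched on a plain object tree as an added example (not code from this thread). `<sandbox>` and a per-element `getElementById` are proposals here, not existing DOM APIs, so `el`, `scopedGetElementById` and `crossScopeDuplicates` are hypothetical names, and returning the first match in tree order within a scope is an assumption of the sketch.

```javascript
// Minimal element model (constructed for this example; not a real DOM).
function el(tag, id, children = []) {
  return { tag, id, children };
}

// Depth-first lookup of `id` below `root`. The search never descends into a
// <sandbox> subtree, so content inside a sandbox cannot answer a lookup made
// from outside it. Passing the sandbox itself as `root` searches inside it.
function scopedGetElementById(root, id) {
  for (const child of root.children) {
    if (child.id === id) return child;      // the sandbox element itself is visible
    if (child.tag === "sandbox") continue;  // scope boundary: skip its contents
    const hit = scopedGetElementById(child, id);
    if (hit) return hit;
  }
  return null;
}

// Record, for every id, the scopes it occurs in: "document" for host content,
// the sandbox's own id for content inside a sandbox.
function collectIds(node, scope, out = new Map()) {
  for (const child of node.children) {
    if (child.id) {
      if (!out.has(child.id)) out.set(child.id, []);
      out.get(child.id).push(scope);
    }
    collectIds(child, child.tag === "sandbox" ? child.id : scope, out);
  }
  return out;
}

// Ids used in more than one scope: the cases where an unscoped lookup would
// have to choose between host content and sandboxed content.
function crossScopeDuplicates(root) {
  return [...collectIds(root, "document")]
    .filter(([, scopes]) => new Set(scopes).size > 1)
    .map(([id]) => id);
}

// The tree from the quoted message (constructed sample).
const div1 = el("div", "id");                              // DIV1
const div2 = el("div", "id");                              // DIV2
const sandbox = el("sandbox", "mysandbox", [div2]);
const body = el("body", null, [div1, sandbox]);

console.log(scopedGetElementById(body, "id") === div1);    // from outside the sandbox
console.log(scopedGetElementById(sandbox, "id") === div2); // scoped to the sandbox
console.log(crossScopeDuplicates(body));
```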